Description
A command injection vulnerability in the devcert module may lead to remote code execution when users of the module pass untrusted input to the certificateFor function.
Recommendation
Update the devcert package to the latest compatible version. Version details:
- Affected version(s): <= 1.1.1
- Patched version(s): 1.1.2
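Alongside the upgrade, callers can check any externally supplied name against a strict hostname allow-list before it reaches certificateFor. The following is an added example, not devcert's code or its fix; isSafeDevDomain and safeCertificateFor are hypothetical helper names, and the devcert module is passed in as a parameter so the block runs without it installed.

```javascript
// Added example: strict allow-list check for names handed to devcert's certificateFor.
// isSafeDevDomain and safeCertificateFor are hypothetical helpers, not part of devcert.

// One DNS label: 1-63 chars, ASCII letters/digits/hyphen, no leading or trailing hyphen.
// ASCII ranges are spelled out (no /i flag, no toLowerCase) so look-alike Unicode
// characters cannot be case-folded into an accepted name.
const LABEL = /^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$/;

function isSafeDevDomain(input) {
  if (typeof input !== 'string') return false; // e.g. arrays from query-string parsers
  if (input.length === 0 || input.length > 253) return false;
  // Every dot-separated label must match; spaces, quotes, ';', '$', '`', '|',
  // newlines and empty labels all fail here.
  return input.split('.').every((label) => LABEL.test(label));
}

function safeCertificateFor(devcert, domain, options) {
  if (!isSafeDevDomain(domain)) {
    // Fail closed, and do not echo the raw value into the error message or logs.
    throw new TypeError('rejected: value is not a plain hostname');
  }
  return devcert.certificateFor(domain, options);
}

// Constructed sample inputs (not taken from the advisory).
const SAMPLES = ['localhost', 'my-app.test', 'API.Dev.Example', '',
  'a..test', '-bad.test', 'app.test;echo injected', 'app.test\n', ['app.test']];

function checkSamples() {
  return SAMPLES.map((s) => [JSON.stringify(s), isSafeDevDomain(s)]);
}

for (const [name, ok] of checkSamples()) {
  console.log(`${ok ? 'accept' : 'reject'}  ${name}`);
}
```

Internationalized names must be converted to their ASCII (punycode) form before validation, since the check accepts ASCII labels only.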
References
Related Issues
- Command Injection in hot-formula-parser - CVE-2020-6836
- karma-mojo enables OS Command Injection - CVE-2020-7626
- systeminformation command injection vulnerability - CVE-2020-7752
- chrome-launcher subject to OS Command Injection - CVE-2020-7645
Tags: npm, devcert
Last updated on February 01, 2023